Lockheed Martin Attacked – Follow-up of RSA Attack

31. May, 2011

It seems that the hackers got more out of the RSA attack one month ago. Apparently, they got access to the so-called “seeds”, which allow them to create valid “one-time passwords” (OTPs).

They are now using those to attack highly secured networks like that of military equipment producer Lockheed Martin.

FAIL

Another great example of why security by obscurity doesn’t work.
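What a leaked “seed” means for one-time passwords, as an added illustration that is not part of the original post: RSA SecurID’s own algorithm is proprietary, so the open HOTP scheme (RFC 4226) stands in for it here, and the seed value is the RFC’s published test-vector secret. The principle is the same: the OTP is a pure function of the shared seed and a counter, so whoever holds the seed computes exactly the codes the hardware token displays. The server side also shows the moving-counter check, which is why a code that was already used is rejected while a fresh one computed from the seed is not.

```python
import hashlib
import hmac
import struct

# Constructed demo seed: the RFC 4226 test-vector secret, not a real token seed.
SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def server_verify(seed: bytes, last_counter: int, submitted: str, window: int = 5):
    """Validate a submitted code against the next `window` counters.

    Returns the counter that matched (the server stores it as the new
    last_counter) or None. Codes at or below last_counter are never
    accepted, so a replayed OTP fails even though the seed is unchanged.
    """
    for c in range(last_counter + 1, last_counter + 1 + window):
        if hmac.compare_digest(hotp(seed, c), submitted):
            return c
    return None


def token_display(seed: bytes, counter: int) -> str:
    """What the hardware token shows at a given counter position."""
    return hotp(seed, counter)


def seed_holder_predicts(seed: bytes, counter: int) -> str:
    """Anyone who obtained the seed computes the same value without the token."""
    return hotp(seed, counter)


if __name__ == "__main__":
    # The token and the seed holder agree on every code.
    for c in range(3):
        assert token_display(SEED, c) == seed_holder_predicts(SEED, c)
    # First use of counter 0 is accepted; replaying it afterwards is not.
    print(server_verify(SEED, -1, token_display(SEED, 0)))  # 0
    print(server_verify(SEED, 0, token_display(SEED, 0)))   # None
```

The lesson for a relying party is that once the seed database is suspected compromised, the counter check only stops replays, not a fresh code computed by the seed holder; the seeds themselves have to be replaced.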


Mocking AJAX in jQuery

31. May, 2011

When developing small web applications, it would be great if I could mock AJAX requests.

Apparently, Jonathan Sharp had the same problem and created a solution: Mock Your Ajax Requests with Mockjax for Rapid Development

Very nice. Thank you!


Spray Graphiti – Xtext for the Eyes

30. May, 2011

I’ve come to love Xtext. It’s powerful out of the box, simple enough to grasp and the rough edges cut you just once (i.e. after you put tape over them, the hurting stops).

But sometimes, a picture says more than a thousand words. Unfortunately, creating a graphical editor is still a daunting task. Which probably explains why most graphical editors aren’t worth the shadow the mouse pointer casts over them.

If only we had a compact language to define graphical editors … but wait, we do. Or rather, we could, with a bit of help from Xtext.

Welcome project Spray. Spray is a DSL for creating Graphiti editors.


Allied Telesis Security Blunder

27. May, 2011

Another reason why security by obscurity is bad: Allied Telesis builds network components. While this page was loading in your browser, there is a chance that some of their equipment was involved somewhere along the way.

Those components have access protection with the common user/password scheme. If you lost your password, support could tell you the name and password of a backdoor: a login that would always work, but one that isn’t visible when you, say, request a list of all known users.

Sounds good? It is. Saves a lot of hassle.

The problem? Someone posted the details of all the backdoors in the public support section. Which means that crackers all over the globe now have free rein over those devices.


Efficient CSS

26. May, 2011

Is “.first” faster or slower than “li.first”?

This blog post has some answers: Efficiently Rendering CSS


Another Example for Sony Arrogance

23. May, 2011

The German Bundesamt für Sicherheit in der Informationstechnik (BSI) isn’t taken seriously by Sony, according to heise online.

When the security specialists of the German government wanted to know more about the theft of 100 million customer records, “Sony didn’t want to answer due to ongoing technical analysis.” They are still refusing to agree to a follow-up meeting.

If the German government isn’t important enough for Sony to waste some of their precious time …


Running C Code in a Java VM

19. May, 2011

If you ever need to run C code in a Java VM, have a look at NestedVM. It’s a MIPS CPU emulator. All you need is a GCC cross compiler: compile your C sources to MIPS code and execute the result with NestedVM.


Embedded Java 1.4 Compiler

19. May, 2011

If you need a small, fast Java 1.4 compiler that you can embed in your application, try Janino.


Hudson and Jenkins Won’t Merge

18. May, 2011

There has been recent discussion about a merge between Jenkins and Hudson, after Oracle pushed the dead weight to Eclipse.

My prediction: Won’t happen.

Why not? Because Eclipse is run by lawyers and developers hate lawyers.

Exhibit A: “Is the Eclipse process so bad? … Yes. It’s very bad (for developers). Bad enough to end many contributions.”  (https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Hudson+Reconciliation+Requirements)

Exhibit B: “MIT (or MIT-ish, e.g., ASL, BSD, EDL) license” (same page)

Exhibit C: To work on Eclipse projects, you must become a committer (http://wiki.eclipse.org/Development_Resources). That means signing a contract. You have to have an IP Log. All projects on eclipse.org must submit to the Eclipse Public License (http://www.eclipse.org/legal/).

Why is that? Because IBM is rich and Kohsuke Kawaguchi is poor. So trolls sue IBM, and they won’t sue Mr. Kawaguchi. Which is why IBM is raising its barriers and Jenkins isn’t.

The projects won’t merge.


Publishing Your Passwords on The Internet

17. May, 2011

Would you tell your GMail password to a friend? Your colleagues in the office? Publish it on the Internet?

If the answer to any of these is “NO”, you should turn off automatic synchronization on your Android smartphone and never use it in open Wi-Fi networks.

The reason is that Google uses something called a “token” to allow apps on your smartphone to connect to Google services like your mail box, your calendar, etc. The token is like a key on your keychain: anyone who has the key can open the door it fits. Unlike the keys on your keychain, anyone who can pick a token out of the air also knows where that door is!

Related article: Catching AuthTokens in the Wild

